ICSA-25-322-01 · Published 2025-11-11
Schneider Electric EcoStruxure Machine SCADA Expert & Pro-face BLUE Open Studio
CVSS 8.4 (HIGH)
CVEs (1)
Remediations
- Version 2023.1 Patch 1 of EcoStruxure Machine SCADA Expert includes a fix for this vulnerability and is available for download here: https://www.se.com/ww/en/product-range/63734-ecostruxure-machine-scada-expert/#software-and-firmware
  For additional details, please refer to the supplied ReadMe help file in Version 2023.1 Patch 1.
- Version 2023.1 Patch 1 of Pro-face BLUE Open Studio includes a fix for this vulnerability and is available for download here: https://www.proface.com/en/hmi_design_studio/bos/page/installer
  For additional details, please refer to the supplied Release Notes file in Version 2023.1 Patch 1.
- If customers choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit:
  - Access Control Lists should be applied to all folders where users will save and load project files.
  - Maintain a trusted chain-of-custody on project files during creation, modification, distribution, backups, and use.
  - Apply data-protection at the project level with a strong master password. For step-by-step configuration, refer to “Technical Reference Manual” > Project Overview > Configuring Additional Project Settings > Options Tab > Data Protection.
  - If passwords are being used as function parameters inside project documents (such as scripts or worksheets), it is recommended to remove those passwords and use project tags instead. For more information on tags, refer to “Technical Reference Manual” > Tags and the Tag Database > About Tags and the Project Database.
Affected Vendors
Schneider Electric
Affected Products (4)
- Schneider Electric · EcoStruxure Machine SCADA Expert · <2023.1_Patch_1
- Schneider Electric · EcoStruxure Machine SCADA Expert · 2023.1_Patch_1
- Schneider Electric · BLUE Open Studio · <2023.1_Patch_1
- Schneider Electric · BLUE Open Studio · 2023.1_Patch_1
Affected Sectors
Commercial Facilities, Critical Manufacturing, Energy